← Back to branch summary

~serge-hallyn/ubuntu/quantal/lxc/lxc-fixapi

~serge-hallyn/ubuntu/quantal/lxc/lxc-fixapi

« back to all changes in this revision

Viewing changes to debian/apparmor/abstractions-lxc-start-container.in

Committer: Package Import Robot
Author(s): Stéphane Graber
Date: 2012-06-19 15:13:23 UTC
Revision ID: package-import@ubuntu.com-20120619151323-w6x0fg3gzqiyfpk5

Tags: 0.8.0~rc1-4ubuntu14

* Apparmor profile update:
  - Move lxc-start profile content to abstractions/lxc-start-container
  - Move lxc-default profile content to abstractions/lxc/container-default
  - Include the abstractions
  - Update lxc-default-with-nesting to include both abstractions
  - Allow fstype=fuse.*, for all containers

files added:
debian/apparmor

debian/apparmor/abstractions-lxc-container-default

debian/apparmor/abstractions-lxc-start-container

debian/apparmor/abstractions-lxc-start-container.in

debian/apparmor/lxc-containers

debian/apparmor/lxc-default

debian/apparmor/lxc-default-with-nesting

debian/apparmor/usr.bin.lxc-start

files removed:
debian/lxc-containers.apparmor

debian/lxc-default-with-nesting.apparmor

debian/lxc-default.apparmor

debian/lxc.apparmor

debian/lxc.apparmor.in

files modified:
debian/changelog

debian/rules

Show diffs side-by-side

added added

removed removed

debian/apparmor/abstractions-lxc-start-container.in

1

network,

2

capability,

3

file,

4

5

# currently blocked by apparmor bug

6

mount -> /usr/lib/@DEB_HOST_MULTIARCH@/lxc/{**,},

7

mount fstype=devpts -> /dev/pts/,

8

mount options=bind /dev/pts/ptmx/ -> /dev/ptmx/,

9

mount fstype=debugfs,

10

11

# all umounts are under the original root's /mnt, but right now we

12

# can't allow those umounts after pivot_root. So allow all umounts

13

# right now. They'll be restricted for the container at least.

14

umount,

15

#umount /mnt/{**,},

16

17

pivot_root /usr/lib/@DEB_HOST_MULTIARCH@/lxc/,

18

19

change_profile -> lxc-*,

20

change_profile -> unconfined,

Older »